From 04d9a2423857f4d1a7c7c2418b690c45a01f181a Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Thu, 25 Jan 2024 21:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-25T21:00:24.971063+00:00
---
CVE-2004/CVE-2004-18xx/CVE-2004-1852.json | 75 +++++++++-------
CVE-2005/CVE-2005-31xx/CVE-2005-3140.json | 65 ++++++++++++--
CVE-2007/CVE-2007-47xx/CVE-2007-4786.json | 31 ++++++-
CVE-2008/CVE-2008-03xx/CVE-2008-0374.json | 94 +++++++++++++++------
CVE-2008/CVE-2008-32xx/CVE-2008-3289.json | 75 +++++++++++++---
CVE-2008/CVE-2008-41xx/CVE-2008-4122.json | 56 ++++++++++--
CVE-2008/CVE-2008-43xx/CVE-2008-4390.json | 75 +++++++++++++---
CVE-2021/CVE-2021-37xx/CVE-2021-3784.json | 4 +-
CVE-2021/CVE-2021-42xx/CVE-2021-4245.json | 12 ++-
CVE-2021/CVE-2021-42xx/CVE-2021-4257.json | 22 ++++-
CVE-2022/CVE-2022-21xx/CVE-2022-2127.json | 8 +-
CVE-2022/CVE-2022-42xx/CVE-2022-4277.json | 16 ++--
CVE-2022/CVE-2022-42xx/CVE-2022-4281.json | 22 ++++-
CVE-2022/CVE-2022-45xx/CVE-2022-4523.json | 27 ++++--
CVE-2022/CVE-2022-45xx/CVE-2022-4565.json | 12 ++-
CVE-2022/CVE-2022-45xx/CVE-2022-4597.json | 22 ++++-
CVE-2023/CVE-2023-255xx/CVE-2023-25529.json | 10 ++-
CVE-2023/CVE-2023-30xx/CVE-2023-3019.json | 6 +-
CVE-2023/CVE-2023-31xx/CVE-2023-3181.json | 4 +-
CVE-2023/CVE-2023-349xx/CVE-2023-34966.json | 8 +-
CVE-2023/CVE-2023-349xx/CVE-2023-34967.json | 8 +-
CVE-2023/CVE-2023-349xx/CVE-2023-34968.json | 8 +-
CVE-2023/CVE-2023-35xx/CVE-2023-3567.json | 22 ++++-
CVE-2023/CVE-2023-375xx/CVE-2023-37572.json | 6 +-
CVE-2023/CVE-2023-37xx/CVE-2023-3772.json | 6 +-
CVE-2023/CVE-2023-382xx/CVE-2023-38235.json | 20 ++++-
CVE-2023/CVE-2023-38xx/CVE-2023-3812.json | 10 ++-
CVE-2023/CVE-2023-391xx/CVE-2023-39169.json | 4 +-
CVE-2023/CVE-2023-391xx/CVE-2023-39191.json | 10 ++-
CVE-2023/CVE-2023-39xx/CVE-2023-3935.json | 72 +++++++++++++++-
CVE-2023/CVE-2023-405xx/CVE-2023-40547.json | 4 +-
CVE-2023/CVE-2023-40xx/CVE-2023-4001.json | 16 +++-
CVE-2023/CVE-2023-414xx/CVE-2023-41474.json | 20 +++++
CVE-2023/CVE-2023-427xx/CVE-2023-42753.json | 18 +++-
CVE-2023/CVE-2023-439xx/CVE-2023-43985.json | 74 ++++++++++++++--
CVE-2023/CVE-2023-443xx/CVE-2023-44358.json | 4 +-
CVE-2023/CVE-2023-44xx/CVE-2023-4459.json | 6 +-
CVE-2023/CVE-2023-463xx/CVE-2023-46351.json | 74 ++++++++++++++--
CVE-2023/CVE-2023-479xx/CVE-2023-47995.json | 11 +--
CVE-2023/CVE-2023-47xx/CVE-2023-4732.json | 8 +-
CVE-2023/CVE-2023-500xx/CVE-2023-50028.json | 75 ++++++++++++++--
CVE-2023/CVE-2023-519xx/CVE-2023-51947.json | 90 ++++++++++++++++++--
CVE-2023/CVE-2023-519xx/CVE-2023-51948.json | 85 +++++++++++++++++--
CVE-2023/CVE-2023-520xx/CVE-2023-52076.json | 4 +-
CVE-2023/CVE-2023-523xx/CVE-2023-52355.json | 63 ++++++++++++++
CVE-2023/CVE-2023-523xx/CVE-2023-52356.json | 67 +++++++++++++++
CVE-2023/CVE-2023-56xx/CVE-2023-5633.json | 6 +-
CVE-2023/CVE-2023-62xx/CVE-2023-6267.json | 59 +++++++++++++
CVE-2023/CVE-2023-66xx/CVE-2023-6679.json | 16 +++-
CVE-2023/CVE-2023-72xx/CVE-2023-7227.json | 55 ++++++++++++
CVE-2024/CVE-2024-05xx/CVE-2024-0562.json | 8 +-
CVE-2024/CVE-2024-07xx/CVE-2024-0712.json | 74 ++++++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0718.json | 60 +++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0720.json | 61 +++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0721.json | 60 +++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0722.json | 60 +++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0723.json | 74 ++++++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0725.json | 74 ++++++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0728.json | 73 ++++++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0729.json | 61 +++++++++++--
CVE-2024/CVE-2024-07xx/CVE-2024-0730.json | 60 +++++++++++--
CVE-2024/CVE-2024-08xx/CVE-2024-0822.json | 4 +-
CVE-2024/CVE-2024-08xx/CVE-2024-0879.json | 4 +-
CVE-2024/CVE-2024-08xx/CVE-2024-0880.json | 4 +-
CVE-2024/CVE-2024-08xx/CVE-2024-0882.json | 88 +++++++++++++++++++
CVE-2024/CVE-2024-08xx/CVE-2024-0883.json | 88 +++++++++++++++++++
CVE-2024/CVE-2024-216xx/CVE-2024-21630.json | 71 ++++++++++++++++
CVE-2024/CVE-2024-224xx/CVE-2024-22432.json | 4 +- CVE-2024/CVE-2024-225xx/CVE-2024-22529.json | 4 +- CVE-2024/CVE-2024-225xx/CVE-2024-22562.json | 69 ++++++++++++++- CVE-2024/CVE-2024-227xx/CVE-2024-22729.json | 4 +- CVE-2024/CVE-2024-227xx/CVE-2024-22749.json | 4 +- CVE-2024/CVE-2024-229xx/CVE-2024-22920.json | 69 ++++++++++++++- CVE-2024/CVE-2024-236xx/CVE-2024-23655.json | 59 +++++++++++++ CVE-2024/CVE-2024-236xx/CVE-2024-23656.json | 75 ++++++++++++++++ CVE-2024/CVE-2024-238xx/CVE-2024-23817.json | 59 +++++++++++++ CVE-2024/CVE-2024-238xx/CVE-2024-23855.json | 4 +- README.md | 72 +++++++++------- 78 files changed, 2594 insertions(+), 318 deletions(-) create mode 100644 CVE-2023/CVE-2023-414xx/CVE-2023-41474.json create mode 100644 CVE-2023/CVE-2023-523xx/CVE-2023-52355.json create mode 100644 CVE-2023/CVE-2023-523xx/CVE-2023-52356.json create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6267.json create mode 100644 CVE-2023/CVE-2023-72xx/CVE-2023-7227.json create mode 100644 CVE-2024/CVE-2024-08xx/CVE-2024-0882.json create mode 100644 CVE-2024/CVE-2024-08xx/CVE-2024-0883.json create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21630.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23655.json create mode 100644 CVE-2024/CVE-2024-236xx/CVE-2024-23656.json create mode 100644 CVE-2024/CVE-2024-238xx/CVE-2024-23817.json diff --git a/CVE-2004/CVE-2004-18xx/CVE-2004-1852.json b/CVE-2004/CVE-2004-18xx/CVE-2004-1852.json index cdcef6fc7f0..db221b60b01 100644 --- a/CVE-2004/CVE-2004-18xx/CVE-2004-1852.json +++ b/CVE-2004/CVE-2004-18xx/CVE-2004-1852.json @@ -2,8 +2,8 @@ "id": "CVE-2004-1852", "sourceIdentifier": "cve@mitre.org", "published": "2004-03-23T05:00:00.000", - "lastModified": "2017-07-11T01:31:24.403", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:57:57.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -44,7 +44,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-319" } ] } 
@@ -58,33 +58,17 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:dameware_development:mini_remote_control_server:3.70_.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "77FC1534-2AD0-43E8-A706-7158F3BB6832" + "criteria": "cpe:2.3:a:solarwinds:dameware_mini_remote_control:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0", + "versionEndExcluding": "3.74", + "matchCriteriaId": "E7EC239C-1358-4A4F-A7D6-34B715B241D8" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:dameware_development:mini_remote_control_server:3.71_.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "F574913E-1713-49EC-A996-B259E8FEAC40" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:dameware_development:mini_remote_control_server:3.72_.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "223D4A90-BDAF-4CCD-A59E-253C7D1BE3A5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:dameware_development:mini_remote_control_server:3.73_.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "7AD07F5E-8EC9-4E4B-BDC5-F3585780C8C1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:dameware_development:mini_remote_control_server:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "BF8A0D9C-CC8C-419E-8985-49BF866527B6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:dameware_development:mini_remote_control_server:4.1_.0.0:*:*:*:*:*:*:*", - "matchCriteriaId": "EDFCB0A0-A373-4934-9947-86E73BC67EC8" + "criteria": "cpe:2.3:a:solarwinds:dameware_mini_remote_control:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "4.2", + "matchCriteriaId": "49B9CA37-16F3-4847-9DA5-14BB582582F7" } ] } 
@@ -94,12 +78,28 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=108016344224973&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/11205", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Patch", + "Vendor Advisory" + ] }, { "url": "http://securitytracker.com/id?1009557", "source": "cve@mitre.org", "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] }, @@ -107,7 +107,15 @@ "url": "http://www.dameware.com/support/security/bulletin.asp?ID=SB3", "source": "cve@mitre.org", "tags": [ - "Patch", + "Product", + "Vendor Advisory" + ] + }, + { + "url": "http://www.osvdb.org/4547", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", "Vendor Advisory" ] }, @@ -115,13 +123,20 @@ "url": "http://www.securityfocus.com/bid/9959", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Patch", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15586", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-31xx/CVE-2005-3140.json b/CVE-2005/CVE-2005-31xx/CVE-2005-3140.json index 143b89350d2..9d15517ea55 100644 --- a/CVE-2005/CVE-2005-31xx/CVE-2005-3140.json +++ b/CVE-2005/CVE-2005-31xx/CVE-2005-3140.json @@ -2,8 +2,8 @@ "id": "CVE-2005-3140", "sourceIdentifier": "cve@mitre.org", "published": "2005-10-05T21:02:00.000", - "lastModified": "2016-10-18T03:33:06.610", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:58:37.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,22 +66,34 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-319" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:procom:netforce_800_firmware:4.02:m10:*:*:*:*:*:*", + "matchCriteriaId": "A506BCAF-7025-4C42-BF99-D8D09051E2A1" + } + ] + }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, - "criteria": "cpe:2.3:a:procom_technology:netforce:800_4.2_m10_build20:*:*:*:*:*:*:*", - "matchCriteriaId": "59D9400D-9574-4565-BFF7-A39F7EB56764" + "criteria": "cpe:2.3:h:procom:netforce_800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB21CDD8-08B0-460A-A3E4-98943C9B685F" } ] } @@ -69,11 +103,28 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=112818351032426&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/17033/", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] }, { "url": "http://www.securityfocus.com/bid/14997", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json b/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json index ebf3b4d1df2..3d4bb3d4f2f 100644 --- a/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json +++ b/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json @@ -2,7 +2,7 @@ "id": "CVE-2007-4786", "sourceIdentifier": "cve@mitre.org", "published": "2007-09-10T21:17:00.000", - "lastModified": "2023-08-11T19:03:30.373", + "lastModified": "2024-01-25T20:59:39.773", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-255" + "value": "CWE-319" } ] } @@ -105,6 +127,7 @@ "url": "http://secunia.com/advisories/26677", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Third Party Advisory" ] }, @@ -112,6 +135,7 @@ "url": "http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsj72903", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, @@ -135,6 +159,7 @@ "url": "http://www.securityfocus.com/bid/25548", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -143,6 +168,7 @@ "url": "http://www.securitytracker.com/id?1018660", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] 
@@ -151,6 +177,7 @@ "url": "http://www.vupen.com/english/advisories/2007/3076", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Third Party Advisory" ] }, diff --git a/CVE-2008/CVE-2008-03xx/CVE-2008-0374.json b/CVE-2008/CVE-2008-03xx/CVE-2008-0374.json index 1b4546f40a9..7600f2d1cb5 100644 --- a/CVE-2008/CVE-2008-03xx/CVE-2008-0374.json +++ b/CVE-2008/CVE-2008-03xx/CVE-2008-0374.json @@ -2,8 +2,8 @@ "id": "CVE-2008-0374", "sourceIdentifier": "cve@mitre.org", "published": "2008-01-22T20:00:00.000", - "lastModified": "2018-10-15T21:59:11.017", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:41:45.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,13 +70,14 @@ "description": [ { "lang": "en", - "value": "CWE-310" + "value": "CWE-319" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", 
@@ -62,23 +85,19 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:oki_printing_solutions:c5510_mfp_printer:cu_h2.15:*:*:*:*:*:*:*", - "matchCriteriaId": "964CF56F-E508-43F1-8A38-6E317EEB2F3C" - }, + "criteria": "cpe:2.3:o:oki:c5510mfp_firmware:1.01:*:*:*:*:*:*:*", + "matchCriteriaId": "C5362609-08DD-42AC-811A-52F59ABF6576" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:h:oki_printing_solutions:c5510_mfp_printer:pu_01.03.01:*:*:*:*:*:*:*", - "matchCriteriaId": "85B01403-5AD0-4392-A972-378264273E41" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:h:oki_printing_solutions:c5510_mfp_printer:system_fw_1.01:*:*:*:*:*:*:*", - "matchCriteriaId": "083B70EA-6BDC-4CE6-8A18-AC6B148DB80B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:h:oki_printing_solutions:c5510_mfp_printer:web_page_1.00:*:*:*:*:*:*:*", - "matchCriteriaId": "FBE3CC28-CC95-4C06-9682-696DD3DA1863" + "vulnerable": false, + "criteria": "cpe:2.3:h:oki:c5510mfp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6B1AF628-BB40-454B-85B0-B39047E75F52" } ] } 
@@ -86,25 +105,52 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/28553", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, { "url": "http://securityreason.com/securityalert/3569", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/archive/1/486511/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/27339", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39775", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-32xx/CVE-2008-3289.json b/CVE-2008/CVE-2008-32xx/CVE-2008-3289.json index e41372c09db..cfa3424a93b 100644 --- a/CVE-2008/CVE-2008-32xx/CVE-2008-3289.json +++ b/CVE-2008/CVE-2008-32xx/CVE-2008-3289.json @@ -2,8 +2,8 @@ "id": "CVE-2008-3289", "sourceIdentifier": "cve@mitre.org", "published": "2008-07-24T17:41:00.000", - "lastModified": "2018-10-11T20:47:51.943", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:43:11.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-319" } ] } @@ -62,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:emc_dantz:retrospect_backup_client:7.5.116:*:*:*:*:*:*:*", - "matchCriteriaId": "BF365E84-EFA2-4605-945B-A628C8282F7D" + "criteria": "cpe:2.3:a:storcentric:retrospect_backup_client:7.5.116:*:*:*:*:-:*:*", + "matchCriteriaId": "20456311-7EC0-433D-AF55-253AEC29FA03" } ] } 
@@ -73,37 +95,68 @@ "references": [ { "url": "http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/31186", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Patch", + "Vendor Advisory" + ] }, { "url": "http://securityreason.com/securityalert/4025", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.fortiguardcenter.com/advisory/FGA-2008-16.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Patch" ] }, { "url": "http://www.securityfocus.com/archive/1/494560/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/30308", "source": "cve@mitre.org", "tags": [ - "Patch" + "Broken Link", + "Patch", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://www.vupen.com/english/advisories/2008/2150/references", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43930", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-41xx/CVE-2008-4122.json b/CVE-2008/CVE-2008-41xx/CVE-2008-4122.json index d770b0babcb..5b2b2abec8b 100644 --- a/CVE-2008/CVE-2008-41xx/CVE-2008-4122.json +++ b/CVE-2008/CVE-2008-41xx/CVE-2008-4122.json @@ -2,8 +2,8 @@ "id": "CVE-2008-4122", "sourceIdentifier": "cve@mitre.org", "published": "2008-12-19T17:30:02.907", - "lastModified": "2018-10-11T20:51:00.800", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:55:42.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-310" + "value": "CWE-319" } ] } @@ -62,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:joomla:joomla:1.5.8:*:*:*:*:*:*:*", - "matchCriteriaId": "5F155C3B-AAF5-4393-A964-E655113D84DE" + "criteria": "cpe:2.3:a:joomla:joomla\\!:1.5.8:*:*:*:*:*:*:*", + "matchCriteriaId": "466E5E84-4C69-49F2-83DA-FC86202DB7F4" } ] } @@ -73,19 +95,35 @@ "references": [ { "url": "http://int21.de/cve/CVE-2008-4122-joomla.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://securityreason.com/securityalert/4794", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.securityfocus.com/archive/1/499295/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/archive/1/499354/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-43xx/CVE-2008-4390.json b/CVE-2008/CVE-2008-43xx/CVE-2008-4390.json index d39b9874378..081b05e54b5 100644 --- a/CVE-2008/CVE-2008-43xx/CVE-2008-4390.json 
+++ b/CVE-2008/CVE-2008-43xx/CVE-2008-4390.json @@ -2,8 +2,8 @@ "id": "CVE-2008-4390", "sourceIdentifier": "cret@cert.org", "published": "2008-12-09T00:30:00.237", - "lastModified": "2009-08-20T05:21:16.663", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:50:10.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,13 +70,14 @@ "description": [ { "lang": "en", - "value": "CWE-200" + "value": "CWE-319" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -62,14 +85,20 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:cisco:wvc54gc:*:*:*:*:*:*:*:*", - "versionEndIncluding": "1.19", - "matchCriteriaId": "C882AB42-F04C-4968-A9C9-035A7411153E" - }, + "criteria": "cpe:2.3:o:cisco:linksys_wvc54gc_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.25", + "matchCriteriaId": "AB178094-7CC3-466B-981D-1E68979F41E6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:h:cisco:wvc54gc:1.15:*:*:*:*:*:*:*", - "matchCriteriaId": "39AE4F03-2623-476F-BFBF-5D458432BAEC" + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:linksys_wvc54gc:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0698E417-EEDE-40E4-AAD5-CF890FC7BEB1" } ] } 
@@ -77,25 +106,45 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/33032", + "source": "cret@cert.org", + "tags": [ + "Broken Link" + ] + }, { "url": "http://www.kb.cert.org/vuls/id/528993", "source": "cret@cert.org", "tags": [ "Patch", + "Third Party Advisory", "US Government Resource" ] }, { "url": "http://www.kb.cert.org/vuls/id/MAPG-7HJKSA", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "http://www.linksys.com/servlet/Satellite?blobcol=urldata&blobheadername1=Content-Type&blobheadername2=Content-Disposition&blobheadervalue1=text%2Fplain&blobheadervalue2=inline%3B+filename%3DWVC54GC-V1.0_non-RoHS-v1.25_fw_ver.txt&blobkey=id&blobtable=MungoBlobs&blobwhere=1193776031728&ssbinary=true&lid=8104724130B17", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Product" + ] }, { "url": "http://www.securityfocus.com/bid/32666", - "source": "cret@cert.org" + "source": "cret@cert.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json index 644550e834a..02e1416f057 100644 --- a/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3784.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3784", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-04T16:15:09.940", - "lastModified": "2023-12-19T15:15:07.850", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:33:55.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4245.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4245.json index 5b2f8b8544a..809ebcc54c5 100644 --- a/CVE-2021/CVE-2021-42xx/CVE-2021-4245.json +++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4245.json 
@@ -2,12 +2,16 @@ "id": "CVE-2021-4245", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-15T20:15:09.783", - "lastModified": "2023-11-07T03:40:25.713", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:40:00.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en chbrown rfc6902 y clasificada como problem\u00e1tica. Una parte desconocida del archivo pointer.ts afecta a esta vulnerabilidad. La manipulaci\u00f3n conduce a una modificaci\u00f3n controlada inadecuadamente de los atributos del prototipo del objeto (\"prototype pollution\"). La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El nombre del parche es c006ce9faa43d31edb34924f1df7b79c137096cf. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-215883." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +70,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4257.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4257.json index 80829e2bd27..7a81e7d7bc0 100644 --- a/CVE-2021/CVE-2021-42xx/CVE-2021-4257.json +++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4257.json 
@@ -2,12 +2,16 @@ "id": "CVE-2021-4257", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-18T22:15:10.623", - "lastModified": "2023-11-07T03:40:27.327", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:40:48.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en ctrlo lenio. Ha sido declarada problem\u00e1tica. Una vulnerabilidad afecta a un c\u00f3digo desconocido del archivo views/task.tt del componente Task Handler. La manipulaci\u00f3n del argumento site.org.name/check.name/task.tasktype.name/task.name conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. El nombre del parche es 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. Se recomienda aplicar un parche para solucionar este problema. VDB-216214 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,8 +60,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
diff --git a/CVE-2022/CVE-2022-21xx/CVE-2022-2127.json b/CVE-2022/CVE-2022-21xx/CVE-2022-2127.json index efd0d9151af..e7e6651aab3 100644 --- a/CVE-2022/CVE-2022-21xx/CVE-2022-2127.json +++ b/CVE-2022/CVE-2022-21xx/CVE-2022-2127.json @@ -2,8 +2,8 @@ "id": "CVE-2022-2127", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-20T15:15:11.183", - "lastModified": "2023-12-27T22:05:25.597", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:34.893", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -189,6 +189,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0423", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2022-2127", "source": "secalert@redhat.com", diff --git a/CVE-2022/CVE-2022-42xx/CVE-2022-4277.json b/CVE-2022/CVE-2022-42xx/CVE-2022-4277.json index b7629795007..35170be5e67 100644 --- a/CVE-2022/CVE-2022-42xx/CVE-2022-4277.json +++ b/CVE-2022/CVE-2022-42xx/CVE-2022-4277.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-4277", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-03T18:15:09.987", - "lastModified": "2023-11-07T03:57:23.590", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:37:48.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214774 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Shaoxing Background Management System. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /Default/Bd. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-214774 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +70,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { @@ -85,8 +89,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:background_management_system_project:background_management_system:-:*:*:*:*:*:*:*", - "matchCriteriaId": "26F09802-5C61-4EB4-84FC-AD605F65FDCE" + "criteria": "cpe:2.3:a:xsjczx:background_management_system:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D269F402-17A4-40C1-A67D-AFCADE0CC5A8" } ] } 
diff --git a/CVE-2022/CVE-2022-42xx/CVE-2022-4281.json b/CVE-2022/CVE-2022-42xx/CVE-2022-4281.json index 7bdc5283e1c..7ac7343db03 100644 --- a/CVE-2022/CVE-2022-42xx/CVE-2022-4281.json +++ b/CVE-2022/CVE-2022-42xx/CVE-2022-4281.json @@ -2,12 +2,16 @@ "id": "CVE-2022-4281", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-05T07:15:10.223", - "lastModified": "2023-11-07T03:57:24.670", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:23:56.527", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Facepay 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /face-recognition-php/facepay-master/camera.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento userId conduce a la omisi\u00f3n de autorizaci\u00f3n. El ataque se puede lanzar de forma remota. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-214789." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,8 +60,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4523.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4523.json index 5cdb4d0d326..e3b80fcde4b 100644 
--- a/CVE-2022/CVE-2022-45xx/CVE-2022-4523.json +++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4523.json @@ -2,12 +2,16 @@ "id": "CVE-2022-4523", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-15T21:15:12.933", - "lastModified": "2023-11-07T03:58:04.280", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:40:07.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in vexim2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 21c0a60d12e9d587f905cd084b2c70f9b1592065. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215903." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en vexim2 y clasificada como problem\u00e1tica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n conduce a Cross-Site Scripting. El ataque puede iniciarse de forma remota. El nombre del parche es 21c0a60d12e9d587f905cd084b2c70f9b1592065. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-215903." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,8 +60,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -75,8 +89,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:virtual_exim_project:virtual_exim_2:-:*:*:*:*:*:*:*", - "matchCriteriaId": "491D51B3-9C81-4611-AC0C-626B18AA6337" + "criteria": "cpe:2.3:a:virtual_exim_project:virtual_exim_2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022-01-23", + "matchCriteriaId": "A99C9A61-3E9D-491F-A281-827B412ED68F" } ] } diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4565.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4565.json index 237d3ee40c6..604104c4f1e 100644 --- a/CVE-2022/CVE-2022-45xx/CVE-2022-4565.json +++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4565.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-4565", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-16T19:15:08.977", - "lastModified": "2023-11-07T03:58:10.987", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:40:35.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.8.11 is able to address this issue. It is recommended to upgrade the affected component. VDB-215974 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Dromara HuTool hasta 5.8.10 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo cn.hutool.core.util.ZipUtil.java. La manipulaci\u00f3n conduce al consumo de recursos. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 5.8.11 puede solucionar este problema. Se recomienda actualizar el componente afectado. VDB-215974 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +70,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4597.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4597.json index 4a2749190fe..3412289e744 100644 --- a/CVE-2022/CVE-2022-45xx/CVE-2022-4597.json +++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4597.json 
@@ -2,12 +2,16 @@ "id": "CVE-2022-4597", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-18T11:15:10.560", - "lastModified": "2023-11-07T03:58:18.040", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:40:44.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216192." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Shoplazza LifeStyle 1.1 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /admin/api/admin/v2_products del componente Create Product Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a Cross-Site Scripting. Es posible lanzar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-216192." } ], "metrics": { @@ -33,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -56,8 +60,18 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json index 94d82803bb4..742afbee2dc 100644 --- a/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25529.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-25529", "sourceIdentifier": "psirt@nvidia.com", "published": "2023-09-20T01:15:53.497", - "lastModified": "2023-09-22T17:17:26.360", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T19:15:08.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user\u2019s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering." + "value": "NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user\u2019s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering." }, { "lang": "es", @@ -117,6 +117,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510", + "source": "psirt@nvidia.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json index 60d01b66e7d..d3ef6537699 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3019.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3019", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:12.253", - "lastModified": "2024-01-10T15:15:08.633", + "lastModified": "2024-01-25T20:15:35.763", "vulnStatus": "Modified", "descriptions": [ { 
@@ -123,6 +123,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0135", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0404", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3019", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3181.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3181.json index ca7707b6e05..e722b6c9291 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3181.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3181.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3181", "sourceIdentifier": "cve-coordination@google.com", "published": "2024-01-25T16:15:07.400", - "lastModified": "2024-01-25T16:15:07.400", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json index f7236956bb3..922f021128b 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34966.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34966", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-20T15:15:11.333", - "lastModified": "2023-12-27T22:06:19.453", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:35.050", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -183,6 +183,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0423", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-34966", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34967.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34967.json index 84019e4fe58..fd0ece72654 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34967.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34967.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34967", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-20T15:15:11.410", - "lastModified": "2023-12-27T22:06:24.227", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:35.203", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -183,6 +183,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0423", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-34967", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34968.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34968.json index 1e1a137a0ad..b9c8b5b0a58 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34968.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34968.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34968", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-20T15:15:11.540", - "lastModified": "2023-12-28T14:38:56.397", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:35.400", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -178,6 +178,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0423", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-34968", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json index bd6daac3738..1489b7ee59b 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3567", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:12.990", - "lastModified": "2023-11-29T15:15:08.000", + "lastModified": "2024-01-25T20:15:36.107", "vulnStatus": "Modified", "descriptions": [ { 
@@ -192,6 +192,26 @@ "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0431", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0432", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0439", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0448", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3567", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json index 2e757d4d78b..444bd29141b 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37572.json @@ -2,12 +2,12 @@ "id": "CVE-2023-37572", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-05T06:15:48.617", - "lastModified": "2023-12-11T15:34:02.400", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:35.540", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service." + "value": "Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service. The service executable could be changed or the service could be deleted." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json index 8d428d33b44..380e49c4527 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-3772", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-25T16:15:11.660", - "lastModified": "2024-01-11T19:15:10.697", + "lastModified": "2024-01-25T20:15:36.360", "vulnStatus": "Modified", "descriptions": [ { @@ -197,6 +197,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3772", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38235.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38235.json index 69eeb94ae8b..d94a564fd7b 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38235.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38235.json @@ -2,12 +2,16 @@ "id": "CVE-2023-38235", "sourceIdentifier": "psirt@adobe.com", "published": "2023-08-10T14:15:13.680", - "lastModified": "2023-09-14T13:15:09.280", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:24:34.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 23.003.20244 (y anteriores) y 20.005.30467 (y anteriores) de Adobe Acrobat Reader est\u00e1n afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para omitir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario en el sentido de que una v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { 
@@ -56,7 +60,7 @@ }, "weaknesses": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -64,6 +68,16 @@ "value": "CWE-125" } ] + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3812.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3812.json index 7b55021c339..b3b0978239e 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3812.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3812.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3812", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:13.337", - "lastModified": "2024-01-25T08:15:09.043", + "lastModified": "2024-01-25T20:15:36.750", "vulnStatus": "Modified", "descriptions": [ { @@ -244,6 +244,14 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0378", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0461", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3812", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39169.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39169.json index 622b3d461ef..c357cef0c55 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39169.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39169.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39169", "sourceIdentifier": "info@cert.vde.com", "published": "2023-12-07T15:15:07.777", - "lastModified": "2023-12-14T15:15:07.950", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:34:50.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39191.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39191.json index 4d67dcb1f51..e527228fdf0 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39191.json 
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39191.json @@ -2,7 +2,7 @@ "id": "CVE-2023-39191", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T19:15:10.210", - "lastModified": "2024-01-25T08:15:08.770", + "lastModified": "2024-01-25T20:15:35.643", "vulnStatus": "Modified", "descriptions": [ { @@ -137,6 +137,14 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0381", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0439", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0448", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-39191", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3935.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3935.json index 5231e50e028..50a9e9622da 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3935.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3935.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3935", "sourceIdentifier": "info@cert.vde.com", "published": "2023-09-13T14:15:09.147", - "lastModified": "2023-09-19T08:15:44.727", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:24:58.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -60,7 +60,7 @@ }, "weaknesses": [ { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -68,6 +68,16 @@ "value": "CWE-787" } ] + }, + { + "source": "info@cert.vde.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ 
@@ -211,6 +221,57 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*", + "versionEndIncluding": "1.6", + "matchCriteriaId": "E8198A71-1EA7-4DAC-8D4F-EB646A0DC635" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.7.0", + "matchCriteriaId": "2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.0", + "matchCriteriaId": "C8751F63-3D03-434A-BF4E-67320F6672FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.7.0", + "matchCriteriaId": "907E5EB3-8346-4371-9CFF-0F885CC0529E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.0", + "matchCriteriaId": "C9659319-4AEC-4112-9EAC-7892C0A37AA8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*", + "matchCriteriaId": "BB44DD6D-7685-4346-91BC-30CB9531982A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.6", + "matchCriteriaId": "170FABD2-23D5-4885-AA09-B4130F945564" + } + ] + } + ] } ], "references": [ @@ -223,7 +284,10 @@ }, { "url": "https://cert.vde.com/en/advisories/VDE-2023-030/", - "source": "info@cert.vde.com" + "source": "info@cert.vde.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.vde.com/en/advisories/VDE-2023-031/", diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json index 5716929d483..14dcfe5d189 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json 
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40547", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-25T16:15:07.717", - "lastModified": "2024-01-25T16:15:07.717", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4001.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4001.json index d8ebe711e40..5ba57f232e6 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4001.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4001.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4001", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-15T11:15:08.270", - "lastModified": "2024-01-23T19:29:20.947", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:37.510", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -140,6 +140,18 @@ "Mailing List" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0437", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0456", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0468", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4001", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json b/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json new file mode 100644 index 00000000000..3ad3cec4894 --- /dev/null +++ b/CVE-2023/CVE-2023-414xx/CVE-2023-41474.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41474", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-25T20:15:36.993", + "lastModified": "2024-01-25T20:15:36.993", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Directory Traversal vulnerability in Ivanti Avalanche 6.3.4.153 allows a remote authenticated attacker to obtain sensitive information via the javax.faces.resource component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/JBalanza/CVE-2023-41474", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json index e760b350bfa..96fc8c28703 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42753", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-25T21:15:15.923", - "lastModified": "2024-01-25T08:15:09.633", + "lastModified": "2024-01-25T20:15:37.117", "vulnStatus": "Modified", "descriptions": [ { @@ -211,6 +211,22 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0378", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0402", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0403", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0461", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-42753", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json index 577871f782f..a700abba9e8 100644 --- a/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43985.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-43985", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.317", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:07:56.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que SunnyToo stblogsearch hasta v1.0.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente StBlogSearchClass::prepareSearch." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sunnytoo:stblogsearch:*:*:*:*:*:prestashop:*:*", + "versionEndIncluding": "1.0.0", + "matchCriteriaId": "C6F521FE-EEF4-47C3-B841-1E34AF032AD4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://security.friendsofpresta.org/modules/2024/01/18/stblogsearch.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": 
"https://www.sunnytoo.com/product/panda-creative-responsive-prestashop-theme", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json index 5a4d64edc9c..4b4158f5127 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44358", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:13.740", - "lastModified": "2023-12-04T16:15:08.937", - "vulnStatus": "Modified", + "lastModified": "2024-01-25T20:34:40.990", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json index f7ba37a64c0..37f4a9bcb49 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4459.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4459", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-21T19:15:09.373", - "lastModified": "2023-12-06T02:15:06.860", + "lastModified": "2024-01-25T20:15:37.910", "vulnStatus": "Modified", "descriptions": [ { @@ -115,6 +115,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4459", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json index 77597f4917d..3da2c8da6bb 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46351.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-46351", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.367", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:14:36.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection." + }, + { + "lang": "es", + "value": "En el m\u00f3dulo mib < 1.6.1 de MyPresta.eu para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. Los m\u00e9todos `mib::getManufacturersByCategory()` tienen llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mypresta:manufacturers_\\(brands\\)_images_block:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "1.6.1", + "matchCriteriaId": "36064C96-D338-451A-985D-4247EC713B2C" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://mypresta.eu/modules/front-office-features/manufacturers-brands-images-block.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://security.friendsofpresta.org/modules/2024/01/18/mib.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json index bab41d7b815..ae3ff08df34 100644 --- a/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json +++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json @@ -2,12 +2,12 @@ "id": "CVE-2023-47995", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-09T23:15:09.637", - "lastModified": "2024-01-25T18:15:07.957", + "lastModified": "2024-01-25T20:15:37.297", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service." + "value": "Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service." }, { "lang": "es", @@ -68,13 +68,6 @@ } ], "references": [ - { - "url": "https://freeimage.sourceforge.io/", - "source": "cve@mitre.org", - "tags": [ - "Product" - ] - }, { "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json index f164065a3a7..963c4f402e3 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4732.json 
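Review bot: In CVE-2023-47995.json the English description is reworded from "Buffer Overflow" to "Memory Allocation with Excessive Size Value", but the `"lang": "es"` entry after it appears only as context. Its value line falls outside both hunks, so the Spanish text presumably still carries the old classification. Consumers that display or index the localized description would then disagree with the English one until the translation is regenerated. The second hunk also removes the `Product`-tagged `https://freeimage.sourceforge.io/` reference; it is worth confirming that this removal is intended upstream and is not a sync artefact.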
@@ -2,8 +2,8 @@ "id": "CVE-2023-4732", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-03T17:15:09.853", - "lastModified": "2024-01-21T02:17:30.047", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:38.027", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -175,6 +175,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4732", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json index 87d48118f61..79c71c2229d 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50028.json 
@@ -2,23 +2,88 @@ "id": "CVE-2023-50028", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.413", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:55:05.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the module \"Sliding cart block\" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection." + }, + { + "lang": "es", + "value": "En el m\u00f3dulo \"Sliding cart block\" (blockslidingcart) hasta la versi\u00f3n 2.3.8 de PrestashopModules.eu para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashopmodules:sliding_cart_block:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "2.3.8", + "matchCriteriaId": "E41B226E-94F0-4EC8-BAC9-DEF6AD12F246" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://addons.prestashop.com/en/express-checkout-process/3321-block-sliding-cart.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": 
"https://security.friendsofpresta.org/modules/2024/01/16/blockslidingcart.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json index 40611bf3d0c..001ff9ea2c6 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51947.json 
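Review bot: In CVE-2023-50028.json the new `cpeMatch` entry uses `"versionEndExcluding": "2.3.8"`, while the description says the module is affected "up to version 2.3.8". CVE-2023-43985.json in this same update maps the same "up to" wording to `versionEndIncluding`. If 2.3.8 is itself vulnerable, CPE-based matching will treat an installed 2.3.8 as fixed and miss it. Confirm the fixed version against the Friends of Presta advisory listed in the references; if 2.3.8 is affected, the line should read `"versionEndIncluding": "2.3.8"`. This file presumably mirrors an upstream record, so the correction would have to be made there.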
@@ -2,27 +2,105 @@ "id": "CVE-2023-51947", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.553", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:42:16.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en nasSvr.php en actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 permite a atacantes remotos leer y modificar diferentes tipos de datos sin autenticaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:actidata:actinas_sl_2u-8_rdx_firmware:3.2.03:sp1:*:*:*:*:*:*", + "matchCriteriaId": "FCCAA0EE-7B45-4A77-9BC9-5758C529CDB1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:actidata:actinas_sl_2u-8_rdx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E538A0F-3B62-4176-AAF2-1599FA199CA1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { 
"url": "http://actinas-plus-sl-2u-8-rdx.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51947/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json index 3e24cc5fdfa..7e4742db2ec 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51948.json 
@@ -2,23 +2,98 @@ "id": "CVE-2023-51948", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-19T14:15:12.663", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:19:02.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de listado de directorio en todo el sitio en /fm en actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 permite a atacantes remotos enumerar los archivos alojados en la aplicaci\u00f3n web." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:actidata:actinas_sl_2u-8_rdx_firmware:3.2.03:sp1:*:*:*:*:*:*", + "matchCriteriaId": "FCCAA0EE-7B45-4A77-9BC9-5758C529CDB1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:actidata:actinas_sl_2u-8_rdx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E538A0F-3B62-4176-AAF2-1599FA199CA1" + } + ] + } + ] } ], - "metrics": {}, 
"references": [ { "url": "https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51948/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52076.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52076.json index 5a1e10f0656..e94ca7a507b 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52076.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52076.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52076", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-25T16:15:07.930", - "lastModified": "2024-01-25T16:15:07.930", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json new file mode 100644 index 00000000000..019ffc1cc7c --- /dev/null +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52355.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-52355", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-25T20:15:38.353", + "lastModified": "2024-01-25T20:15:38.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-52355", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/issues/621", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json new file mode 100644 index 00000000000..60fb6e7a812 --- /dev/null +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52356.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-52356", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-25T20:15:39.063", + "lastModified": "2024-01-25T20:15:39.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-52356", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/issues/622", + "source": "secalert@redhat.com" + }, + { + "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json index c9fe4097537..86c705e6c68 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-5633", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-23T22:15:09.430", - "lastModified": "2024-01-10T15:15:10.067", + "lastModified": "2024-01-25T20:15:39.400", "vulnStatus": "Modified", "descriptions": [ { @@ -152,6 +152,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0134", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0461", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5633", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json new file mode 100644 index 00000000000..e984de0dc64 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6267.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6267", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-25T19:15:08.260", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-280" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-6267", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251155", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json index 4d3a9610988..7b59abd97e9 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json 
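Review bot: The new CVE-2023-6267.json record names no product or component; its description opens with "A flaw was found in the json payload". It also has no `configurations` block, so nothing in it can be matched to an asset inventory automatically. The assigned `CWE-280` fits loosely with the behaviour described, a JSON body being deserialized before the security constraints are evaluated, so treat the CWE as provisional while `vulnStatus` is `Awaiting Analysis`. Until the record is enriched, triage has to go through the two Red Hat references.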
@@ -2,8 +2,8 @@ "id": "CVE-2023-6679", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-11T19:15:09.440", - "lastModified": "2023-12-13T22:03:08.487", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:39.967", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -128,6 +128,18 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0439", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0448", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0461", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6679", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json new file mode 100644 index 00000000000..d1b2810fdd1 --- /dev/null +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7227.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-7227", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2024-01-25T19:15:08.477", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nSystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to a command injection vulnerability in the dynamic domain name system (DDNS) settings that could allow an attacker to execute arbitrary commands with root privileges.\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-025-02", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0562.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0562.json index 12042048ef9..57dcadf5470 100644 --- a/CVE-2024/CVE-2024-05xx/CVE-2024-0562.json +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0562.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0562", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-15T19:15:08.120", - "lastModified": "2024-01-23T21:00:27.900", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-25T20:15:40.210", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
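Review bot: In the new CVE-2023-7227.json the English `value` begins with `\n` and ends with five `\n` escapes, so the description renders with blank lines and will not compare equal to a trimmed copy of the same text. Anything that hashes, deduplicates or full-text matches descriptions should strip surrounding whitespace first. The clean form starts `"value": "SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are vulnerable to` and ends at `root privileges."`. The only CVSS entry is the CNA's `Secondary` score and there is no `configurations` block yet, which is consistent with `Awaiting Analysis`.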
@@ -129,6 +129,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2024:0412", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0562", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json index 6685bfc63a6..bb6e9405697 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0712.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0712", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T14:15:12.837", - "lastModified": "2024-01-19T15:56:19.500", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:00:41.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Beijing Baichuo Smart S150 Management Platform V31R02B15. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /useratte/inc/userattea.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251538 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,18 +95,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:byzoro:smart_s150_firmware:31r02b15:*:*:*:*:*:*:*", + "matchCriteriaId": "4D9EB833-E3F1-479D-A904-FA45CFF7EAA8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:byzoro:smart_s150:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8933946D-BF4C-4F40-8752-D4D6A371BE6E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.251538", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.251538", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json index e933112913e..a1c11e99dfd 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0718.json 
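Review bot: In CVE-2024-0712.json the NVD `Primary` metric is inserted ahead of the existing `cna@vuldb.com` `Secondary` entry, so element 0 of `cvssMetricV31` now comes from a different source than before this update. A consumer that reads `cvssMetricV31[0]` instead of selecting on `type` or `source` will silently switch scores. The same ordering change is made in CVE-2024-0718.json, CVE-2024-0720.json and CVE-2024-0721.json. Select explicitly, for example on `"type": "Primary"`, and decide what to report when only a `Secondary` entry exists, as in the records newly added by this commit.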
@@ -2,16 +2,40 @@ "id": "CVE-2024-0718", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T16:15:11.507", - "lastModified": "2024-01-19T18:48:55.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:02:34.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en liuwy-dlsdys zhglxt 4.7.7 y clasificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /oa/notify/edit del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento notifyTitle conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251543." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liuwy-dlsdys:zhglxt:4.7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "1B8F00F2-D98C-4C0C-9A9D-C08BF4B2AE77" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251543", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251543", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json index 07a152d08eb..802fc3a0810 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0720.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0720", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T16:15:11.733", - "lastModified": "2024-01-19T18:48:55.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:02:45.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en FactoMineR FactoInvestigate hasta 1.9 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente HTML Report Generator es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251544. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:factominer:factoinvestigate:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.9", + "matchCriteriaId": "E4CA6847-DCF2-4C5F-BA0F-A88360856A6C" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251544", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251544", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json index d45da8b358d..cf07a5e2acd 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0721.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0721", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T16:15:11.953", - "lastModified": "2024-01-19T18:48:55.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:04:04.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en Jspxcms 10.2.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente Survey Label Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251545." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C2CC8654-4A79-4A1D-8AFA-C8309ED94FCD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251545", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251545", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0722.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0722.json index 96591ea0347..15d83360968 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0722.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0722.json 
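Review bot: The reference `https://vuldb.com/?id.251545` is tagged `Third Party Advisory` here, while the equivalent VulDB `?id.` links in the other records updated by this commit (for example CVE-2024-0720 and CVE-2024-0722) are tagged `Permissions Required`. Tooling that filters or ranks references by tag will treat these otherwise identical links differently. If this file mirrors the upstream record verbatim, leave the data as is and avoid relying on the tag alone to decide whether a VulDB link is a usable advisory.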
@@ -2,16 +2,40 @@ "id": "CVE-2024-0722", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T17:15:08.360", - "lastModified": "2024-01-19T18:48:55.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:59:33.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en los proyectos de c\u00f3digo Social Networking Site 1.0 y se clasific\u00f3 como problem\u00e1tica. Una funci\u00f3n desconocida del archivo message.php del componente Message Page es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento Story conduce a cross site scripting. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-251546 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:social_networking_site:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EBE90865-B6CC-4E9A-AF38-C11E14AE0864" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251546", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251546", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0723.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0723.json index efb597c07ba..e9301340be3 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0723.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0723.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0723", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T17:15:08.573", - "lastModified": "2024-01-19T18:48:55.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:00:19.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en freeSSHd 1.0.9 en Windows. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251547." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freesshd:freesshd:1.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "D0856F72-9F1E-425C-B434-BB9DDF88BED6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?ctiid.251547", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251547", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0725.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0725.json index fae5f7f3f04..febe8a1d661 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0725.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0725.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0725", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T18:15:08.040", - "lastModified": "2024-01-19T18:48:55.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T20:00:34.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en ProSSHD 1.2 en Windows. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251548." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prosshd:prosshd:1.2_20090726:*:*:*:*:*:*:*", + "matchCriteriaId": "A3C8B3DD-5F85-4132-B905-9280256450EC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?ctiid.251548", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251548", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0728.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0728.json index 0f6fb4f6700..2d5c34b7272 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0728.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0728.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0728", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T19:15:08.413", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:55:52.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en ForU CMS hasta el 23-06-2020 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo channel.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento c_cmodel conduce a la inclusi\u00f3n del archivo. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-251551." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -61,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,18 +105,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2020-06-23", + "matchCriteriaId": "EAC3894B-590E-44A9-A01C-A330C98EC000" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251551", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251551", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0729.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0729.json index 7637bcb9703..9decdf189dc 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0729.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0729.json 
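Review bot: The added `cpeMatch` entry uses a date string as its upper bound, `"versionEndIncluding": "2020-06-23"`, together with a wildcard version in `criteria`. Matching code that parses bounds as dotted or semantic versions is likely to reject or mis-order this value, so the consumer should be checked for how it handles non-numeric bounds; the same bound is added to the CVE-2024-0729 record. In the first hunk on this line the Primary weakness becomes the NVD entry `CWE-610` and the CNA entry is demoted to Secondary, so tooling that reads only the first or only the Primary weakness will report a different CWE than before.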
@@ -2,16 +2,40 @@ "id": "CVE-2024-0729", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T19:15:08.647", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:56:39.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en ForU CMS hasta el 23/06/2020 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo cms_admin.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento a_name conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-251552." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:foru_cms_project:foru_cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2020-06-23", + "matchCriteriaId": "EAC3894B-590E-44A9-A01C-A330C98EC000" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251552", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251552", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0730.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0730.json index 0702a398d74..9ab0b4c16b2 100644 --- a/CVE-2024/CVE-2024-07xx/CVE-2024-0730.json +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0730.json 
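Review bot: The reference that receives the `Exploit` tag is `https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md`, the same URL used in the file-inclusion record CVE-2024-0728, although this record describes SQL injection through `a_name` in `cms_admin.php`. Judging by the file name alone, the link probably documents the other issue, so it should be confirmed upstream before it is used as evidence for this CVE. The English description in the first hunk of this file also lacks the remote-attack sentence the neighbouring records carry, while the added NVD vector is `AV:N/PR:N`; triage that keys on the 9.8 score should keep that discrepancy in mind.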
@@ -2,16 +2,40 @@ "id": "CVE-2024-0730", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-19T19:15:08.857", - "lastModified": "2024-01-19T22:52:48.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-25T19:59:48.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Project Worlds Online Time Table Generator 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo course_ajax.php afecta a esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251553." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,18 +95,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "89AF98EE-9983-48E4-B200-212717C6C739" + } + ] + } + ] + } + ], "references": [ { "url": "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.251553", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.251553", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0822.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0822.json index c2e7aa86320..ade64a5141f 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0822.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0822.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0822", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-25T16:15:08.743", - "lastModified": "2024-01-25T16:15:08.743", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0879.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0879.json index 826fb96ac6b..8af63726f68 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0879.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0879.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0879", "sourceIdentifier": "reefs@jfrog.com", "published": "2024-01-25T15:15:07.713", - "lastModified": "2024-01-25T15:15:07.713", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json index 369f5ec2b1c..22b4758b68c 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0880.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0880", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-25T18:15:09.027", - "lastModified": "2024-01-25T18:15:09.027", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json new file mode 100644 index 00000000000..cf388aae86f --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0882.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0882", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-25T19:15:08.687", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, 
+ "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252033", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252033", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json new file mode 100644 index 00000000000..62b375ae203 --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0883.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0883", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-25T19:15:08.940", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } 
+ ], + "references": [ + { + "url": "https://blog.csdn.net/weixin_56393356/article/details/135756616", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252034", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252034", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21630.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21630.json new file mode 100644 index 00000000000..2a43a89135a --- /dev/null +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21630.json 
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2024-21630", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-01-25T20:15:40.423", + "lastModified": "2024-01-25T20:15:40.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6", + "source": 
"security-advisories@github.com" + }, + { + "url": "https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc", + "source": "security-advisories@github.com" + }, + { + "url": "https://zulip.com/help/configure-who-can-invite-to-streams", + "source": "security-advisories@github.com" + }, + { + "url": "https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-224xx/CVE-2024-22432.json b/CVE-2024/CVE-2024-224xx/CVE-2024-22432.json index 67891852ca5..e003575384b 100644 --- a/CVE-2024/CVE-2024-224xx/CVE-2024-22432.json +++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22432.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22432", "sourceIdentifier": "security_alert@emc.com", "published": "2024-01-25T15:15:07.923", - "lastModified": "2024-01-25T15:15:07.923", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json index af16fe55c42..43da02ddc75 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22529.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22529", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T16:15:08.960", - "lastModified": "2024-01-25T16:15:08.960", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json index 29879c64b92..8688432bc1e 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22562.json 
@@ -2,19 +2,80 @@
 "id": "CVE-2024-22562",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-19T15:15:09.463",
- "lastModified": "2024-01-19T15:56:19.500",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-25T20:22:03.963",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que swftools 0.9.2 contiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria mediante la funci\u00f3n dict_foreach_keyvalue en swftools/lib/qc"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/matthiaskramm/swftools/issues/210",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22729.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22729.json
index 66b4802ce2c..fc8f74ff6c6 100644
--- a/CVE-2024/CVE-2024-227xx/CVE-2024-22729.json
+++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22729.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-22729",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-25T15:15:08.133",
- "lastModified": "2024-01-25T15:15:08.133",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-25T19:28:53.800",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json
index 565f6a2a6e5..d7e34da33b6 100644
--- a/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json
+++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22749.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-22749",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-25T16:15:09.010",
- "lastModified": "2024-01-25T16:15:09.010",
- "vulnStatus": "Received",
+ "lastModified": "2024-01-25T19:28:53.800",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json
index 27f576924fd..858fc1ab418 100644
--- a/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json
+++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22920.json
@@ -2,19 +2,80 @@
 "id": "CVE-2024-22920",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-19T15:15:09.560",
- "lastModified": "2024-01-19T15:56:19.500",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-25T20:26:16.860",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que swftools 0.9.2 contiene un use-after-free de almacenamiento din\u00e1mico a trav\u00e9s de la funci\u00f3n bufferWriteData en swftools/lib/action/compile.c."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/matthiaskramm/swftools/issues/211",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23655.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23655.json
new file mode 100644
index 00000000000..8e0f0189ac6
--- /dev/null
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23655.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-23655",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-25T20:15:40.913",
+ "lastModified": "2024-01-25T20:15:40.913",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tutao/tutanota/releases/tag/tutanota-release-3.119.10",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23656.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23656.json
new file mode 100644
index 00000000000..847fb852273
--- /dev/null
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23656.json
@@ -0,0 +1,75 @@
+{
+ "id": "CVE-2024-23656",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-25T20:15:41.107",
+ "lastModified": "2024-01-25T20:15:41.107",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-757"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/dexidp/dex/issues/2848",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/dexidp/dex/pull/2964",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23817.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23817.json
new file mode 100644
index 00000000000..0d48c7220b0
--- /dev/null
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23817.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-23817",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-25T20:15:41.313",
+ "lastModified": "2024-01-25T20:15:41.313",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML."
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23855.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23855.json index b172194ae0c..e556dc943b3 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23855.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23855.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23855", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2024-01-25T14:15:27.183", - "lastModified": "2024-01-25T14:15:27.183", - "vulnStatus": "Received", + "lastModified": "2024-01-25T19:28:53.800", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 819bc0c1204..6f13ebc534c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-25T19:00:40.111528+00:00 +2024-01-25T21:00:24.971063+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-25T18:19:25.647000+00:00 +2024-01-25T20:59:39.773000+00:00 ``` ### Last Data Feed Release 
@@ -29,45 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -236794 +236805 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `11` -* [CVE-2024-0880](CVE-2024/CVE-2024-08xx/CVE-2024-0880.json) (`2024-01-25T18:15:09.027`) +* [CVE-2023-6267](CVE-2023/CVE-2023-62xx/CVE-2023-6267.json) (`2024-01-25T19:15:08.260`) +* [CVE-2023-7227](CVE-2023/CVE-2023-72xx/CVE-2023-7227.json) (`2024-01-25T19:15:08.477`) +* [CVE-2023-41474](CVE-2023/CVE-2023-414xx/CVE-2023-41474.json) (`2024-01-25T20:15:36.993`) +* [CVE-2023-52355](CVE-2023/CVE-2023-523xx/CVE-2023-52355.json) (`2024-01-25T20:15:38.353`) +* [CVE-2023-52356](CVE-2023/CVE-2023-523xx/CVE-2023-52356.json) (`2024-01-25T20:15:39.063`) +* [CVE-2024-0882](CVE-2024/CVE-2024-08xx/CVE-2024-0882.json) (`2024-01-25T19:15:08.687`) +* [CVE-2024-0883](CVE-2024/CVE-2024-08xx/CVE-2024-0883.json) (`2024-01-25T19:15:08.940`) +* [CVE-2024-21630](CVE-2024/CVE-2024-216xx/CVE-2024-21630.json) (`2024-01-25T20:15:40.423`) +* [CVE-2024-23655](CVE-2024/CVE-2024-236xx/CVE-2024-23655.json) (`2024-01-25T20:15:40.913`) +* [CVE-2024-23656](CVE-2024/CVE-2024-236xx/CVE-2024-23656.json) (`2024-01-25T20:15:41.107`) +* [CVE-2024-23817](CVE-2024/CVE-2024-238xx/CVE-2024-23817.json) (`2024-01-25T20:15:41.313`) ### CVEs modified in the last Commit -Recently modified CVEs: `223` +Recently modified CVEs: `66` -* [CVE-2023-20255](CVE-2023/CVE-2023-202xx/CVE-2023-20255.json) (`2024-01-25T17:15:41.560`) -* [CVE-2023-20256](CVE-2023/CVE-2023-202xx/CVE-2023-20256.json) (`2024-01-25T17:15:41.643`) -* [CVE-2023-20259](CVE-2023/CVE-2023-202xx/CVE-2023-20259.json) (`2024-01-25T17:15:41.753`) -* [CVE-2023-20261](CVE-2023/CVE-2023-202xx/CVE-2023-20261.json) (`2024-01-25T17:15:41.857`) -* [CVE-2023-20262](CVE-2023/CVE-2023-202xx/CVE-2023-20262.json) (`2024-01-25T17:15:41.980`) -* [CVE-2023-20263](CVE-2023/CVE-2023-202xx/CVE-2023-20263.json) 
(`2024-01-25T17:15:42.087`) -* [CVE-2023-20264](CVE-2023/CVE-2023-202xx/CVE-2023-20264.json) (`2024-01-25T17:15:42.220`) -* [CVE-2023-20265](CVE-2023/CVE-2023-202xx/CVE-2023-20265.json) (`2024-01-25T17:15:42.363`) -* [CVE-2023-20266](CVE-2023/CVE-2023-202xx/CVE-2023-20266.json) (`2024-01-25T17:15:42.510`) -* [CVE-2023-20267](CVE-2023/CVE-2023-202xx/CVE-2023-20267.json) (`2024-01-25T17:15:42.653`) -* [CVE-2023-20268](CVE-2023/CVE-2023-202xx/CVE-2023-20268.json) (`2024-01-25T17:15:42.763`) -* [CVE-2023-20269](CVE-2023/CVE-2023-202xx/CVE-2023-20269.json) (`2024-01-25T17:15:42.883`) -* [CVE-2023-20270](CVE-2023/CVE-2023-202xx/CVE-2023-20270.json) (`2024-01-25T17:15:43.070`) -* [CVE-2023-20272](CVE-2023/CVE-2023-202xx/CVE-2023-20272.json) (`2024-01-25T17:15:43.193`) -* [CVE-2023-20273](CVE-2023/CVE-2023-202xx/CVE-2023-20273.json) (`2024-01-25T17:15:43.297`) -* [CVE-2023-20274](CVE-2023/CVE-2023-202xx/CVE-2023-20274.json) (`2024-01-25T17:15:43.440`) -* [CVE-2023-20275](CVE-2023/CVE-2023-202xx/CVE-2023-20275.json) (`2024-01-25T17:15:43.557`) -* [CVE-2023-27168](CVE-2023/CVE-2023-271xx/CVE-2023-27168.json) (`2024-01-25T17:23:30.823`) -* [CVE-2023-47995](CVE-2023/CVE-2023-479xx/CVE-2023-47995.json) (`2024-01-25T18:15:07.957`) -* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2024-01-25T18:15:08.087`) -* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2024-01-25T18:15:08.250`) -* [CVE-2023-5981](CVE-2023/CVE-2023-59xx/CVE-2023-5981.json) (`2024-01-25T18:15:08.577`) -* [CVE-2024-22877](CVE-2024/CVE-2024-228xx/CVE-2024-22877.json) (`2024-01-25T17:45:50.770`) -* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-25T18:15:08.780`) -* [CVE-2024-22876](CVE-2024/CVE-2024-228xx/CVE-2024-22876.json) (`2024-01-25T18:19:25.647`) +* [CVE-2023-38235](CVE-2023/CVE-2023-382xx/CVE-2023-38235.json) (`2024-01-25T20:24:34.103`) +* [CVE-2023-3935](CVE-2023/CVE-2023-39xx/CVE-2023-3935.json) (`2024-01-25T20:24:58.783`) +* 
[CVE-2023-44358](CVE-2023/CVE-2023-443xx/CVE-2023-44358.json) (`2024-01-25T20:34:40.990`) +* [CVE-2023-39169](CVE-2023/CVE-2023-391xx/CVE-2023-39169.json) (`2024-01-25T20:34:50.637`) +* [CVE-2024-0712](CVE-2024/CVE-2024-07xx/CVE-2024-0712.json) (`2024-01-25T19:00:41.903`) +* [CVE-2024-23855](CVE-2024/CVE-2024-238xx/CVE-2024-23855.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-0879](CVE-2024/CVE-2024-08xx/CVE-2024-0879.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-22432](CVE-2024/CVE-2024-224xx/CVE-2024-22432.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-22729](CVE-2024/CVE-2024-227xx/CVE-2024-22729.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-0822](CVE-2024/CVE-2024-08xx/CVE-2024-0822.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-22529](CVE-2024/CVE-2024-225xx/CVE-2024-22529.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-22749](CVE-2024/CVE-2024-227xx/CVE-2024-22749.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-0880](CVE-2024/CVE-2024-08xx/CVE-2024-0880.json) (`2024-01-25T19:28:53.800`) +* [CVE-2024-0728](CVE-2024/CVE-2024-07xx/CVE-2024-0728.json) (`2024-01-25T19:55:52.273`) +* [CVE-2024-0729](CVE-2024/CVE-2024-07xx/CVE-2024-0729.json) (`2024-01-25T19:56:39.780`) +* [CVE-2024-0722](CVE-2024/CVE-2024-07xx/CVE-2024-0722.json) (`2024-01-25T19:59:33.577`) +* [CVE-2024-0730](CVE-2024/CVE-2024-07xx/CVE-2024-0730.json) (`2024-01-25T19:59:48.803`) +* [CVE-2024-0723](CVE-2024/CVE-2024-07xx/CVE-2024-0723.json) (`2024-01-25T20:00:19.830`) +* [CVE-2024-0725](CVE-2024/CVE-2024-07xx/CVE-2024-0725.json) (`2024-01-25T20:00:34.827`) +* [CVE-2024-0718](CVE-2024/CVE-2024-07xx/CVE-2024-0718.json) (`2024-01-25T20:02:34.107`) +* [CVE-2024-0720](CVE-2024/CVE-2024-07xx/CVE-2024-0720.json) (`2024-01-25T20:02:45.290`) +* [CVE-2024-0721](CVE-2024/CVE-2024-07xx/CVE-2024-0721.json) (`2024-01-25T20:04:04.020`) +* [CVE-2024-0562](CVE-2024/CVE-2024-05xx/CVE-2024-0562.json) (`2024-01-25T20:15:40.210`) +* [CVE-2024-22562](CVE-2024/CVE-2024-225xx/CVE-2024-22562.json) 
(`2024-01-25T20:22:03.963`) +* [CVE-2024-22920](CVE-2024/CVE-2024-229xx/CVE-2024-22920.json) (`2024-01-25T20:26:16.860`) ## Download and Usage